CVE-2024-28000

Severity: Critical · Exploited in the wild · Nuclei template available

WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin

Title source: nuclei

Exploitation Summary

CVE-2024-28000 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including Milad karimi, Alucard0x1, arch1m3d. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in the LiteSpeed Cache WordPress Plugin 6.3.0.1 by brute-forcing a hash value to gain administrator privileges and create a new admin user.

Description

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache (litespeed-cache). This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.

Exploits (6)

exploitdb · Working PoC
by Milad karimi · python · webapps · php
https://www.exploit-db.com/exploits/52328

This exploit targets a privilege escalation vulnerability in the LiteSpeed Cache WordPress Plugin 6.3.0.1 by brute-forcing a hash value to gain administrator privileges and create a new admin user.

Classification: Working PoC (90%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Racy
Target: LiteSpeed Cache WordPress Plugin 6.3.0.1
No auth needed
Prerequisites: Target URL with vulnerable plugin · Network access to the target
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC · 21 stars
by Alucard0x1 · remote
https://github.com/Alucard0x1/CVE-2024-28000

This PoC exploits a privilege escalation vulnerability in the LiteSpeed Cache WordPress plugin (CVE-2024-28000) by brute-forcing a weak security hash to gain Administrator-level access. The script uses concurrent requests to test random hash values and creates a new admin user upon success.

Classification: Working PoC (95%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Reliable
Target: LiteSpeed Cache WordPress plugin < 6.4
No auth needed
Prerequisites: Target WordPress site with vulnerable LiteSpeed Cache plugin · Admin user ID to impersonate
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC · 7 stars
by arch1m3d · remote
https://github.com/arch1m3d/CVE-2024-28000

This repository contains a functional PoC for CVE-2024-28000, a privilege escalation vulnerability in the LiteSpeed Cache WordPress plugin. The exploit automates the detection of exposed debug.log files and leverages a hash mismatch to create an admin user.

Classification: Working PoC (95%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Reliable
Target: LiteSpeed Cache plugin for WordPress < 6.4
No auth needed
Prerequisites: Exposed debug.log file · LiteSpeed Cache plugin < 6.4
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC · 5 stars
by ebrasha · poc
https://github.com/ebrasha/CVE-2024-28000

This PoC exploits CVE-2024-28000, targeting the LiteSpeed Cache WordPress plugin. It checks for vulnerable versions and includes functionality for Google Dorking to identify potential targets.

Classification: Working PoC (90%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Reliable
Target: LiteSpeed Cache WordPress plugin < 6.3
No auth needed
Prerequisites: WordPress site with LiteSpeed Cache plugin installed and activated · Plugin version below 6.3
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC · 5 stars
by JohnDoeAnonITA · remote
https://github.com/JohnDoeAnonITA/CVE-2024-28000

This Go-based exploit targets CVE-2024-28000, a privilege escalation vulnerability in LiteSpeed Cache plugin versions <= 6.3. It automates the creation of an administrator account by brute-forcing a hash and leveraging the plugin's flawed authentication mechanism.

Classification: Working PoC (95%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Reliable
Target: LiteSpeed Cache WordPress plugin <= 6.3
No auth needed
Prerequisites: WordPress site with vulnerable LiteSpeed Cache plugin · Network access to the target
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC · 1 star
by SSSSuperX · remote
https://github.com/SSSSuperX/CVE-2024-28000

This repository contains a working exploit and scanner for CVE-2024-28000, targeting a vulnerability in the LiteSpeed Cache plugin for WordPress. The exploit leverages cookie manipulation to bypass authentication and create an administrator user.

Classification: Working PoC (90%) · Attack Type: Auth Bypass · Complexity: Moderate · Reliability: Reliable
Target: LiteSpeed Cache plugin for WordPress (versions prior to 6.3.0.1)
No auth needed
Prerequisites: Target must have the vulnerable LiteSpeed Cache plugin installed · WordPress site must be accessible
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
Critical · Verified · by melmathari

Scores

CVSS v3: 9.8
EPSS: 0.6793
EPSS Percentile: 99.2%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2024-08-21
CWE: CWE-266
Status: published
Products (2)
LiteSpeed Technologies/LiteSpeed Cache < 6.3.0.1
litespeedtech/litespeed_cache 1.9 - 6.4
Published: Aug 21, 2024
Tracked since: Feb 18, 2026